Project

General

Profile

Issue #3084

IPSEC IKEv2 connection towards a remote linux client

Added by Nunziante Gaito 4 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Category:
interoperability
Affected version:
5.8.0
Resolution:
No change required

Description

Hi all
we are using strongswan to implement the IPSEC on IKEV2 support on an our LINUX application node.
if any other remote linux client wants to create an IPSEC IKEV2 connection to our node, is he forced to install before strongswan on its machine or strongswan is not strictlly needed because on our node we have implemented the ipsec standard reported in the RFC7296?

thanks a lot for the calrification
Nunzio


Related issues

Has duplicate Issue #3086: IPSEC IKEv2 connection towards a remote linux clientRejected

History

#1 Updated by Tobias Brunner 3 months ago

  • Tracker changed from Feature to Issue
  • Status changed from New to Feedback
  • Start date deleted (07.06.2019)
  • Affected version set to 5.8.0

I'm not sure I fully understand your question. But strongSwan implements IKEv1 and IKEv2, so any peer that supports these protocols already can be used directly (some have limitations, though, see interoperability).

#2 Updated by Tobias Brunner 3 months ago

  • Has duplicate Issue #3086: IPSEC IKEv2 connection towards a remote linux client added

#3 Updated by Nunziante Gaito 3 months ago

Tobias Brunner wrote:

I'm not sure I fully understand your question. But strongSwan implements IKEv1 and IKEv2, so any peer that supports these protocols already can be used directly (some have limitations, though, see interoperability).

Hi Tobias
likely you have answered me. if a remote linux peer wants to connect to our IPSEC IKEV2 server implemented by using strongswan
it is not needed to install strongswan also on this remote linux peer. am I correct?

I have also another question
for the Windows client connection with IKEV2, is it supported also the Preshared-key authentication or only the certificate-based authentication?

thanks
Nunzio

#4 Updated by Tobias Brunner 3 months ago

it is not needed to install strongswan also on this remote linux peer. am I correct?

If the peer already supports IKE, then no. But if you are talking Linux peers, then you will need strongSwan (or one of the other *swans).

for the Windows client connection with IKEV2, is it supported also the Preshared-key authentication or only the certificate-based authentication?

Windows clients have multiple IKE clients integrated. However, the simple IKEv2 client (see WindowsClients) doesn't support PSK authentication (it supports EAP-MSCHAPv2, though, in which case only the server needs a certificate, the client is authentication with username/password).

#5 Updated by Nunziante Gaito 3 months ago

Tobias Brunner wrote:

it is not needed to install strongswan also on this remote linux peer. am I correct?

If the peer already supports IKE, then no. But if you are talking Linux peers, then you will need strongSwan (or one of the other *swans).

for the Windows client connection with IKEV2, is it supported also the Preshared-key authentication or only the certificate-based authentication?

Windows clients have multiple IKE clients integrated. However, the simple IKEv2 client (see WindowsClients) doesn't support PSK authentication (it supports EAP-MSCHAPv2, though, in which case only the server needs a certificate, the client is authentication with username/password).

Ok thanks a lot
Nunzio

#6 Updated by Tobias Brunner 3 months ago

  • Category set to interoperability
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required

Also available in: Atom PDF